Netflix VPN detection - actual engineer needed

Cryptographrix cryptographrix at gmail.com
Sat Jun 4 02:23:29 UTC 2016


"Yeah, I'm actually only going to use 6 of them, between all of my phones,
my Roku, and my laptop, but I'll advertise for all 1.2Septillion"

On Fri, Jun 3, 2016 at 10:21 PM Cryptographrix <cryptographrix at gmail.com>
wrote:

> "Hello Time Warner?....I happen to have 1.2Septillion IPv6 IPs I need to
> advertise...."
>
>
> On Fri, Jun 3, 2016 at 10:19 PM Cryptographrix <cryptographrix at gmail.com>
> wrote:
>
>> "A /48 is officially the smallest"...but apparently smaller gets
>> advertised all over, and I imagine esp for private ASNs...sooooo we buy a
>> /40 and 256 people here get /48s?
>>
>> That would also be hilarious if Netflix blocking HE resulted in 256-some
>> people each getting a /48.
>>
>>
>>
>> On Fri, Jun 3, 2016 at 10:11 PM Cryptographrix <cryptographrix at gmail.com>
>> wrote:
>>
>>> Nope - You'd have the /56 and only people within your /56 (or /64 if you
>>> sliced it up nicely) would be able to do things with it routed by your ISP.
>>>
>>> Of course this means we'll have to get our ISPs to listen for our BGP
>>> advertisement...
>>>
>>>
>>> On Fri, Jun 3, 2016 at 10:09 PM Mansoor Nathani <
>>> mnathani.lists at gmail.com> wrote:
>>>
>>>> Wouldn't the /56 get blocked as soon as Netflix detects multiple
>>>> accounts logging in from the same IPv6 range?
>>>>
>>>> On Fri, Jun 3, 2016 at 9:49 PM, Cryptographrix <
>>>> cryptographrix at gmail.com> wrote:
>>>>
>>>>> This is a good idea. We should do this.
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Jun 3, 2016 at 9:48 PM Raymond Beaudoin <
>>>>> raymond.beaudoin at icarustech.com> wrote:
>>>>>
>>>>> > Make it a /56 each and you've got a deal. Hell, I'll throw in a
>>>>> round of
>>>>> > drinks.
>>>>> >
>>>>> > On Fri, Jun 3, 2016 at 8:40 PM, Cryptographrix <
>>>>> cryptographrix at gmail.com>
>>>>> > wrote:
>>>>> >
>>>>> >> We should crowdsource a /40 and split it up into /64's for each of
>>>>> us.
>>>>> >>
>>>>> >>
>>>>> >> On Fri, Jun 3, 2016 at 9:38 PM Matthew Kaufman <matthew at matthew.at>
>>>>> >> wrote:
>>>>> >>
>>>>> >> > If early adopter PI IPv6 was the same price as early adopter PI v4
>>>>> >> space,
>>>>> >> > my wife would be totally on board with this solution.
>>>>> >> >
>>>>> >> > Matthew Kaufman
>>>>> >> >
>>>>> >> > (Sent from my iPhone)
>>>>> >> >
>>>>> >> > > On Jun 3, 2016, at 6:27 PM, Spencer Ryan <sryan at arbor.net>
>>>>> wrote:
>>>>> >> > >
>>>>> >> > > Well if you have PI space just use HE's BGP tunnel offerings.
>>>>> >> > >
>>>>> >> > >
>>>>> >> > > *Spencer Ryan* | Senior Systems Administrator | sryan at arbor.net
>>>>> >> > > *Arbor Networks*
>>>>> >> > > +1.734.794.5033 (d) | +1.734.846.2053 (m)
>>>>> >> > > www.arbornetworks.com
>>>>> >> > >
>>>>> >> > > On Fri, Jun 3, 2016 at 9:24 PM, Raymond Beaudoin <
>>>>> >> > > raymond.beaudoin at icarustech.com> wrote:
>>>>> >> > >
>>>>> >> > >> As an alternative, there are multiple cloud service offerings
>>>>> that
>>>>> >> will
>>>>> >> > >> advertise your IPv6 allocations on your behalf direct to a
>>>>> server in
>>>>> >> > their
>>>>> >> > >> data centers. It seems pretty tongue-in-cheek, and satisfying,
>>>>> to
>>>>> >> turn
>>>>> >> > >> up a *<insert
>>>>> >> > >> favorite virtual router instance> *and then route through it.
>>>>> The
>>>>> >> > Internet
>>>>> >> > >> is such an amazing place.
>>>>> >> > >>
>>>>> >> > >> On Fri, Jun 3, 2016 at 8:15 PM, Cryptographrix <
>>>>> >> > cryptographrix at gmail.com>
>>>>> >> > >> wrote:
>>>>> >> > >>
>>>>> >> > >>> Yeah I RAWRed to them pretty hard whilst being as
>>>>> understanding to
>>>>> >> the
>>>>> >> > CS
>>>>> >> > >>> rep that it wasn't their fault.
>>>>> >> > >>>
>>>>> >> > >>> They thought I was weird as anything.
>>>>> >> > >>>
>>>>> >> > >>> If there are any Verizon FiOS network engineers on the
>>>>> thread, a
>>>>> >> fellow
>>>>> >> > >>> Verizon employee would thank you kindly for an off-thread
>>>>> email
>>>>> >> > regarding
>>>>> >> > >>> BGP advertisement (I'll buy the IPv6 block and the
>>>>> drink-of-choice,
>>>>> >> you
>>>>> >> > >>> configure my account to listen for route advertisement).
>>>>> >> > >>>
>>>>> >> > >>> Strange that it has to come to this to get "legit" IPv6
>>>>> service.
>>>>> >> > >>>
>>>>> >> > >>>
>>>>> >> > >>>
>>>>> >> > >>>
>>>>> >> > >>> On Fri, Jun 3, 2016 at 9:08 PM Raymond Beaudoin <
>>>>> >> > >>> raymond.beaudoin at icarustech.com> wrote:
>>>>> >> > >>>
>>>>> >> > >>>> I wasn't originally affected on my he.net tunnel, but this
>>>>> >> evening it
>>>>> >> > >>>> started blocking. The recommended ACLs are a functional
>>>>> temporary
>>>>> >> > >>>> workaround, but I've also opened a request with Netflix.
>>>>> >> > >>>>
>>>>> >> > >>>> On Fri, Jun 3, 2016 at 7:54 PM, Mark T. Ganzer <
>>>>> >> > ganzer at spawar.navy.mil>
>>>>> >> > >>>> wrote:
>>>>> >> > >>>>
>>>>> >> > >>>>> So far I am not seeing a Netflix block on my he.net tunnel
>>>>> yet. I
>>>>> >> > >>>> connect
>>>>> >> > >>>>> to the Los Angeles node, so maybe not all of HE's address
>>>>> space is
>>>>> >> > >> being
>>>>> >> > >>>>> blocked.
>>>>> >> > >>>>>
>>>>> >> > >>>>> Not going to be disabling IPv6 here either. + HAD native
>>>>> IPv6 from
>>>>> >> > >> Time
>>>>> >> > >>>>> Warner, but they decided to in their wisdom to disable IPv6
>>>>> >> service
>>>>> >> > >> for
>>>>> >> > >>>>> anyone that has an Arris SB6183 due to an Arris firmware
>>>>> bug.  And
>>>>> >> > >> they
>>>>> >> > >>>> are
>>>>> >> > >>>>> taking their sweet time pushing out the fixed firmware
>>>>> update that
>>>>> >> > >>>> Comcast
>>>>> >> > >>>>> and Cox seemed to be able to push to their customers last
>>>>> fall.
>>>>> >> > >>>>>
>>>>> >> > >>>>> -Mark Ganzer
>>>>> >> > >>>>>
>>>>> >> > >>>>>
>>>>> >> > >>>>>> On 6/3/2016 4:49 PM, Cryptographrix wrote:
>>>>> >> > >>>>>>
>>>>> >> > >>>>>> Depends - how many US users have native IPv6 through their
>>>>> ISPs?
>>>>> >> > >>>>>>
>>>>> >> > >>>>>> If I remember correctly (I can't find the source at the
>>>>> moment),
>>>>> >> > >> HE.net
>>>>> >> > >>>>>> represents something like 70% of IPv6 traffic in the US.
>>>>> >> > >>>>>>
>>>>> >> > >>>>>> And yeah, not doing that - actually in the middle of an
>>>>> IPv6
>>>>> >> project
>>>>> >> > >> at
>>>>> >> > >>>>>> work at the moment that's a bit important to me.
>>>>> >> > >>>>>>
>>>>> >> > >>>>>>
>>>>> >> > >>>>>>
>>>>> >> > >>>>>>
>>>>> >> > >>>>>> On Fri, Jun 3, 2016 at 7:45 PM Baldur Norddahl <
>>>>> >> > >>>> baldur.norddahl at gmail.com
>>>>> >> > >>>>>> wrote:
>>>>> >> > >>>>>>
>>>>> >> > >>>>>> Den 4. jun. 2016 01.26 skrev "Cryptographrix" <
>>>>> >> > >>>> cryptographrix at gmail.com>:
>>>>> >> > >>>>>>>
>>>>> >> > >>>>>>>> The information I'm getting from Netflix support now is
>>>>> >> explicitly
>>>>> >> > >>>>>>> telling
>>>>> >> > >>>>>>>
>>>>> >> > >>>>>>>> me to turn off IPv6 - someone might want to stop them
>>>>> before
>>>>> >> they
>>>>> >> > >>>>>>>> completely kill US IPv6 adoption.
>>>>> >> > >>>>>>> Not allowing he.net tunnels is not killing ipv6. You
>>>>> just need
>>>>> >> > need
>>>>> >> > >>>>>>> native
>>>>> >> > >>>>>>> ipv6.
>>>>> >> > >>>>>>>
>>>>> >> > >>>>>>> On the other hand it would be nice if Netflix would try
>>>>> the
>>>>> >> other
>>>>> >> > >>>>>>> protocol
>>>>> >> > >>>>>>> before blocking.
>>>>> >> > >>
>>>>> >> >
>>>>> >> >
>>>>> >>
>>>>> >
>>>>> >
>>>>>
>>>>
>>>>



More information about the NANOG mailing list